1. Overview and Commitment to Data Sovereignty

AusSafina (AUSSAFINA TRADING PTY LTD, ABN 94 694 431 840, ACN 694 431 840), hereafter referred to as "we," "us," or "our," operates the consolidated master vendor supply chain network. We are committed to protecting the privacy, confidentiality, and security of all corporate, entity, and individual information entrusted to our organization.

This Privacy Policy outlines how we collect, hold, use, and safeguard your information in strict compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and secondary state-based statutory data protection mandates.

Enterprise Sovereignty Assurance: To satisfy the rigorous compliance and security standards mandated by public delivery programs, Tier 1 enterprises, and government procurement authorities, all data processed through the AusSafina infrastructure is hosted, managed, and retained exclusively within secure, Australian-sovereign cloud infrastructure aligned with ISO 27001 data security standards.

2. The Information We Collect

To fulfill our contracting obligations, framework validation processes, and secure diagnostic review environments, we collect information categorized across two operational streams:

A. Corporate and Procurement Records (Non-Personal Information)

• Registered corporate names, Joint Venture details, and entity identifiers (ABN, ACN).

• Target procurement parameters, including projected program spend allocations, regional project footprints, and workforce volume projections.

• Program, project, or unique tender contract package identifiers.

• Selected statutory compliance parameters (e.g., Social Procurement Framework, Indigenous Procurement Policy, Local Jobs First metrics).

B. Professional Identity Records (Personal Information)

Under the Privacy Act 1988 (Cth), we collect limited personal information necessary to establish secure access channels and communicate assessment outcomes, including:

• Full professional name and corporate title/role within the enterprise.

• Direct corporate email addresses and telephone numbers.

• Secure user access records, credential identifiers, and audit-trail logging records when interacting with our online portals.

3. Methods of Collection

We collect information strictly through transparent, secure, and authorized interactive channels:

• Direct submission via our Principal Procurement Portal intake channels and Subcontractor Capacity Registration fields.

• Explicit engagement inputs entered directly into our Live Project Ledger Demonstrator.

• Formal intake documentation, including capability statements, statutory declarations, pre-qualification submissions, and corporate registration files.

• Automated Technical Logs: Limited technical cookies and session storage variables necessary to maintain secure user authentication states and optimize system processing speeds.

4. Purposes of Collection and Data Processing

AusSafina processes your data strictly for legitimate commercial, legal, and operational purposes directly tied to our service delivery model. We do not engage in consumer profiling, data broking, or external commercialization.

Your information is processed to:

• Perform formal evaluation and verification against state and federal statutory compliance thresholds (e.g., NIAA, DJSIR, Fair Jobs Code regulations).

• Generate localized Risk Insulation records to identify reporting friction points in your procurement schedule.

• Validate minority vendor, certified social enterprise, and subcontractor panel alignment metrics.

• Contact your designated enterprise representatives within one business day to formalize compliance onboarding and preliminary framework assessments.

• Maintain unalterable system audit logs required by regulatory authorities to prove compliance records are continually audit-ready.

5. Data Storage, Sovereignty, and Security Protocols

We treat data security as an absolute operational imperative. AusSafina implements enterprise-grade physical, technical, and administrative controls to insulate your information from unauthorized access, modification, exposure, or destruction:

• Sovereign Enclaving: All database instances and active database records sit permanently within Australian borders. No data is mirrored, routed, or stored off-shore.

• Cryptographic Protection: All data payloads transmitted to or from our data forms and custom project ledger modules are encrypted in transit using industry-standard Transport Layer Security (TLS) and encrypted at rest utilizing robust advanced encryption algorithms.

• Access Segregation: Access to collected corporate data is strictly compartmentalized. Only authorized AusSafina compliance specialists and technical specialists bound by legally enforceable non-disclosure agreements (NDAs) are permitted system access to verify framework data.

6. Disclosure of Information

We will not sell, rent, trade, or casually distribute your information to third parties. Disclosure of corporate or professional records occurs strictly under the following controlled parameters:

• Explicit Authorized Routing: When directed by you to bridge your validated tracking records directly with verified Tier 1 buyers, certified supplier networks, or public delivery panels.

• Statutory Compulsion: Where required natively by Australian law, court orders, or formal directives issued by regulatory procurement commissioners, audit panels, or law enforcement authorities.

• Corporate Restructuring: In the event of a corporate transition, merger, acquisition, or joint-venture integration, provided the acquiring entity formally executes an absolute continuity of this Privacy Policy.

7. Data Retention and Deletion

We retain information only for as long as necessary to fulfill your structural onboarding requirements, maintain ongoing compliance monitoring streams, or satisfy statutory record-keeping periods mandated by Australian commercial and public administration frameworks.

Upon receipt of an authorized corporate request to terminate contractual integration, AusSafina will safely purge or permanently anonymize your data streams within standard operational timelines, subject to overriding statutory record-preservation mandates.

8. Access, Correction, and Rights

Under the APPs, your authorized corporate representatives hold explicit rights to access the personal and corporate data we hold, and to request swift correction where records are inaccurate, out of date, or incomplete.

To execute an access request, initiate a correction query, or lodge a formal complaint regarding data handling protocols, contact our data protection officer directly at the secure channel below.

9. Contact and Inquiries

AusSafina Compliance & Data Protection Officer

• Entity Office: AUSSAFINA TRADING PTY LTD

• Corporate Communications Hub: legal@aussafina.com.au

• Regulatory Alignment: Formally configured to address inquiries within 1 business day.